Featured Slideshow

In a Dallas courtroom on Thursday, writer and activist Barrett Brown was sentenced to 63 months in prison and was ordered to pay a little more than $890,000 in restitution and fines, according to reports.

Upcoming Live Events

Be sure to stay tuned for breaking news on our 2015 conference and expo, which promises to deliver even more innovative programming and an enhanced showcase of the latest cyber security solutions you must see.

Previously classified: malware's role in Pentagon attack

In a day which started with news about a rogue robot helicopter buzzing the Washington, DC air defense identification zone (ADIZ), today's confirmation about the intent of the Pentagon malware loaded from a USB drive brings a startling reality home: whether or not we all believe in cyberwarfare, others on this blue-green world do. More important, our corporate network interconnectivity may make our partners vulnerable ñ and make us more vulnerable through our partners.

Right now, more than 100 foreign intelligence organizations are trying to hack into the digital networks that undergird U.S. military operations.

WASHINGTON – The Pentagon says a foreign spy agency pulled off the most serious breach of Defense Department computer networks ever by inserting a flash drive into a U.S. military laptop.

The previously classified incident took place in 2008 in the Middle East and was disclosed in a magazine article by Deputy Defense Secretary William J. Lynn and released by the Pentagon Wednesday. The Pentagon did not say what nation's spy agency was involved.

He said a “malicious code” on the flash drive spread undetected on both classified and unclassified Pentagon systems, “establishing what amounted to a digital beachhead,” for stealing military secrets. He did not say what, if any, information was taken.

Surprise: Cybercrime and cybercriminals play a significant role in this threat to national security. In a speech made last year, Deputy SecDef Lynn made these statements framing where this country is today.

This is not some future threat. This cyberthreat is here today. It is here now. In fact, the cyberthreat to the Department of Defense represents an unprecedented challenge to our national security by virtue of its source, its speed and its scope.

There's the source. The power to disrupt and destroy, once the sole province of nations, now also rests with small groups and individuals, from terrorist groups to organized crime, from hacker activists to teenage hackers, from industrial spies to foreign intelligence services.

We know that foreign governments are developing offensive cybercapabilities and that more than 100 foreign intelligence organizations are trying to hack into U.S. networks.

We know that organized criminal groups and individual hackers are building global networks of compromised computers, botnets and zombies, and then selling or renting them to the highest bidder, in essence becoming 21st-century cybermercenaries.

The new program would apply to the companies that make up the Defense Industrial Base (DIB) and only to the parts of those companies that indigenously store and use sensitive information. Classified information is not supposed to be stored on any dot.mil subdomain that is accessible to outside computer networks.

It may not be legal to force companies to submit to NSA monitoring, or even to ask them to voluntarily agree to it, and it might not be politically feasible for companies to accept NSA sensors without disclosing their existence for liability and optical reasons.

Five ways out of darkness: Military

In his article, Lynn outlines five pillars of the department's emerging cybersecurity policy:

Cyber must be recognized as a warfare domain equal to land, sea, and air;

Any defensive posture must go beyond “good hygiene” to include sophisticated and accurate operations that allow rapid response;

Cyber defenses must reach beyond the department's dot-mil world into commercial networks, as governed by Homeland Security;

Cyber defenses must be pursued with international allies for an effective “shared warning” of threats; and

The Defense Department must help to maintain and leverage U.S. technological dominance and improve the acquisitions process to keep up with the speed and agility of the information technology industry.

Three ways: CIO and IT

The pathway to success for breaches have often been through partners, or partners of partners, who have interconnected network security. Three risks which most IT managers and CIOs should be aware of are interesting.

Be careful of the insider threat, but consider that the "insider" may be someone else's employee.

If you are partnered with the government and don't reduce and contain your sensitive digital content, someone else (the NSA) may be assigned to watch it for you.

Check out what's trending

SC Magazine arms information security professionals with the in-depth, unbiased business and technical information they need to tackle the countless security challenges they face and establish risk management and compliance postures that underpin overall business strategies.